7444 matches found
WordPress Instant Images Plugin <= 6.1.0 is vulnerable to Broken Access Control
Software: Instant Images; Type: Plugin; Vulnerable versions: <= 6.1.0; Fixed in: 6.1.1; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-0869; Patch priority: Medium; CVSS severity: Medium 8.8; PSID: 5f84c56450a0; Credits: Sean Murphy; Required...
WordPress Dragfy Addons for Elementor Plugin <= 8.3.1 is vulnerable to Cross Site Scripting (XSS)
Software: Dragfy Addons for Elementor; Type: Plugin; Vulnerable versions: <= 8.3.1; Fixed in: 8.3.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-0448; Patch priority: Low; CVSS severity: Low 6.5; PSID: 80155176471b; Credits: Webbernaut...
WordPress WP-Reply Notify Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP-Reply Notify; Type: Plugin; Vulnerable versions: <= 1.1; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-7195; Patch priority: Low; CVSS severity: Low 4.3; PSID: 7401ece8f5d0; Credits: Daniel Ruf; Required...
WordPress illi Link Party! Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software: illi Link Party!; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-7228; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: b55b2b2efd50; Credits: Bob Matyas; Required...
DEBIAN-CVE-2024-0810
Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. Chromium security severity: Medium...
WordPress InstaWP Connect Plugin <= 0.1.0.9 is vulnerable to Sensitive Data Exposure
Software: InstaWP Connect; Type: Plugin; Vulnerable versions: <= 0.1.0.9; Fixed in: 0.1.0.10; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-23506; Patch priority: High; CVSS severity: High 7.7; Developer: InstaWP; PSID: 77d7b68d9038; Credits: Majed Refaea; Required...
Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub
Two malicious packages discovered on the npm package registry have been found to leverage GitHub to store Base64-encrypted SSH keys stolen from developer systems on which they were installed. The modules named warbeast2000 and kodiak2k were published at the start of the month, attracting 412 and...
Mozilla Firefox Security Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a denial of service vulnerability caused by an error when using certain WASM files in devtools. An attacker can exploit the vulnerability to cause the browser to crash...
pb-cms Cross-Site Scripting Vulnerability
pb-cms is a content management system by the individual developer LinZhaoguan. A cross-site scripting vulnerability exists in LinZhaoguan pb-cms version 2.0; it originates from an unknown function in the Comment Handler component and can lead to cross-site scripting using special input...
WordPress ColorMag Theme <= 3.1.2 is vulnerable to Broken Access Control
Software: ColorMag; Type: Theme; Vulnerable versions: <= 3.1.2; Fixed in: 3.1.3; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-0679; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: a03b90ac4c61; Credits: Sean Murphy; Required privilege...
WordPress Photo Gallery by 10Web Plugin <= 1.8.19 is vulnerable to Directory Traversal
Software: Photo Gallery by 10Web; Type: Plugin; Vulnerable versions: <= 1.8.19; Fixed in: 1.8.20; OWASP Top 10: A4: Insecure Design; Classification: Directory Traversal; CVE: CVE-2024-0221; Patch priority: Low; CVSS severity: Low 9.1; PSID: 29011d5256be; Credits: Bence Szalai; Required privile...
WordPress GeneratePress Premium Plugin <= 2.3.2 is vulnerable to Cross Site Scripting (XSS)
Software: GeneratePress Premium; Type: Plugin; Vulnerable versions: <= 2.3.2; Fixed in: 2.4.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-6807; Patch priority: Low; CVSS severity: Low 6.5; PSID: 846d3c0679d6; Credits: Francesco Carlucci...
WordPress WP-Lister Lite for eBay Plugin <= 3.5.7 is vulnerable to Cross Site Scripting (XSS)
Software: WP-Lister Lite for eBay; Type: Plugin; Vulnerable versions: <= 3.5.7; Fixed in: 3.5.8; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-22307; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: WP Lab; PSID: d2c57f837173; Credits: Dimas Maulana; Required privilege...
liuwy-dlsdys zhglxt Cross-Site Scripting Vulnerability
zhglxt is a web application by the Chinese individual developer liuwy-dlsdys. A cross-site scripting vulnerability exists in liuwy-dlsdys zhglxt version 4.7.7, which stems from the parameter notifyTitle in the file /oa/notify/edit that causes cross-site scripting...
JVN#67215338: FusionPBX vulnerable to cross-site scripting
FusionPBX contains a stored cross-site scripting vulnerability (CWE-79). Impact: An arbitrary script may be executed on the web browser of the user who is logging in to the product. Solution: Update the software. Update the software to the latest version according to the information provided by the...
WordPress Posts List Designer by Category – List Category Posts Or Recent Posts Plugin <= 3.3.2 is vulnerable to Cross Site Scripting (XSS)
Software: Posts List Designer by Category – List Category Posts Or Recent Posts; Type: Plugin; Vulnerable versions: <= 3.3.2; Fixed in: 3.3.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-23502; Patch priority: Low; CVSS severity: Low 6.5; PSID...
WordPress Ninja Tables Plugin <= 5.0.5 is vulnerable to Broken Access Control
Software: Ninja Tables; Type: Plugin; Vulnerable versions: <= 5.0.5; Fixed in: 5.0.6; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-23504; Patch priority: Low; CVSS severity: Low 5.3; PSID: 86a45ee34ff9; Credits: emad; Required privilege...
WordPress WP Recipe Maker Plugin <= 9.1.0 is vulnerable to Path Traversal
Software: WP Recipe Maker; Type: Plugin; Vulnerable versions: <= 9.1.0; Fixed in: 9.1.1; OWASP Top 10: A1: Broken Access Control; Classification: Path Traversal; CVE: CVE-2024-0380; Patch priority: Low; CVSS severity: Low 5.4; PSID: 156eb3d878da; Credits: wesley wcraft; Required privilege...
WordPress Getwid – Gutenberg Blocks Plugin <= 2.0.4 is vulnerable to Bypass Vulnerability
Software: Getwid – Gutenberg Blocks; Type: Plugin; Vulnerable versions: <= 2.0.4; Fixed in: 2.0.5; OWASP Top 10: A1: Broken Access Control; Classification: Bypass Vulnerability; CVE: CVE-2023-6963; Patch priority: Low; CVSS severity: Low 5.3; PSID: cbf13618cdfb; Credits: Lucio Sá; Required...
WordPress WP Recipe Maker Plugin <= 9.1.0 is vulnerable to Cross Site Scripting (XSS)
Software: WP Recipe Maker; Type: Plugin; Vulnerable versions: <= 9.1.0; Fixed in: 9.1.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-0384; Patch priority: Low; CVSS severity: Low 6.5; PSID: 782b4465ae79; Credits: wesley wcraft; Required...